The Human in the Loop: Why Vibe Coding Needs Supervision

AI is powerful, but it's not infallible. The “Human in the Loop” principle ensures that AI augments human intelligence rather than replacing it.

This guide explains why supervision matters and how to do it effectively.

What is “Human in the Loop”?

Definition: A human reviews and approves AI decisions before they're implemented.

In Vibe Coding:
* AI generates code
* Human reviews it
* Human approves, modifies, or rejects
* Code is committed

Why Supervision is Critical

1. AI Makes Mistakes

Example:
AI generates a sorting function that works for small arrays but has O(n³) complexity.

Without Human Review: Ships to production, crashes under load.
With Human Review: Caught during code review, optimized before shipping.

2. AI Lacks Business Context

Example:
AI generates a discount calculation that gives 100% off for certain edge cases.

Without Human Review: Customers get free products.
With Human Review: Edge case is caught and fixed.

3. AI Can't Make Judgment Calls

Example:
AI suggests using a complex state management library for simple state.

Without Human Review: Unnecessary complexity added.
With Human Review: Simpler solution chosen.

4. AI Doesn't Understand Trade-offs

Example:
AI optimizes for performance at the cost of readability.

Without Human Review: Code becomes unmaintainable.
With Human Review: Balance is struck between performance and clarity.

The Supervision Framework

Level 1: Passive Review (Minimum)

What: Read AI-generated code before committing.

When: Every single commit.

Checklist:
– [ ] Does it work?
– [ ] Is it secure?
– [ ] Is it maintainable?

Level 2: Active Testing (Recommended)

What: Test AI-generated code thoroughly.

When: For critical features.

Process:
1. Run unit tests
2. Run integration tests
3. Manual testing
4. Edge case testing

Level 3: Pair Programming (Best)

What: Work with AI in real-time, reviewing each suggestion.

When: For complex or critical code.

Process:
1. AI suggests code
2. Human reviews immediately
3. Human accepts, modifies, or rejects
4. Iterate until satisfied

When to Trust AI

High-Trust Scenarios

✅ Boilerplate Code
* CRUD operations
* Form validation
* API endpoints with standard patterns

✅ Well-Defined Problems
* “Sort this array by date”
* “Add a loading spinner”
* “Format this date”

✅ Refactoring
* Converting class components to functional
* Updating deprecated APIs
* Renaming variables

Low-Trust Scenarios

⚠️ Business Logic
* Pricing calculations
* Access control
* Financial transactions

⚠️ Security-Critical Code
* Authentication
* Authorization
* Data encryption

⚠️ Performance-Critical Code
* Database queries at scale
* Real-time systems
* High-frequency operations

The Review Checklist

For Every AI-Generated Code Block

#### 1. Correctness
– [ ] Does it solve the problem?
– [ ] Are edge cases handled?
– [ ] Is the logic sound?

#### 2. Security
– [ ] No hardcoded secrets?
– [ ] Input is validated?
– [ ] SQL injection prevented?
– [ ] XSS prevented?

#### 3. Performance
– [ ] Efficient algorithms?
– [ ] No unnecessary loops?
– [ ] Database queries optimized?

#### 4. Maintainability
– [ ] Clear variable names?
– [ ] Reasonable complexity?
– [ ] Commented where needed?

#### 5. Standards
– [ ] Follows team conventions?
– [ ] Matches existing patterns?
– [ ] Passes linting?

Real-World Example: The $10,000 Bug

The Scenario

An e-commerce company used AI to generate a discount code system.

The AI-Generated Code

“`javascript
function applyDiscount(price, code) {
const discounts = {
‘SAVE10': 0.10,
‘SAVE20': 0.20,
‘SAVE50': 0.50
};

return price * (1 – discounts[code]);
}
“`

The Problem

What if `code` is `'SAVE100'` (not in the list)?

“`javascript
applyDiscount(100, ‘SAVE100')
// Returns: 100 * (1 – undefined) = NaN
“`

The checkout breaks. But worse, what if someone figures out they can use `'constructor'` or `'__proto__'`?

The Fix (Human Intervention)

“`javascript
function applyDiscount(price, code) {
const discounts = {
‘SAVE10': 0.10,
‘SAVE20': 0.20,
‘SAVE50': 0.50
};

if (!discounts.hasOwnProperty(code)) {
throw new Error(‘Invalid discount code');
}

return price * (1 – discounts[code]);
}
“`

The Lesson

AI doesn't think about prototype pollution or edge cases. Humans do.

Building a Culture of Supervision

For Teams

1. Code Review is Mandatory
All AI-generated code must be reviewed by another human.

2. “AI-Generated” Label
Tag PRs that include AI code:
“`markdown

AI Assistance

– [x] This PR includes AI-generated code
– [x] All AI code has been reviewed
“`

3. Shared Responsibility
The person who commits AI code is responsible for it, not the AI.

For Individuals

1. Never Blindly Accept
Always read the code, even if it looks correct.

2. Test Everything
Don't assume AI-generated code works.

3. Learn from AI
Use AI as a learning tool. Understand why it chose a particular approach.

The “Explain It to Me” Rule

If you can't explain the AI-generated code to a colleague, you don't understand it well enough to ship it.

Prompt:
> “Explain this code in simple terms, as if teaching a junior developer.”

If the explanation doesn't make sense, refactor or rewrite.

Automation vs. Supervision

What to Automate

* Linting
* Type checking
* Unit tests
* Security scans

What Requires Human Judgment

* Architectural decisions
* Business logic correctness
* User experience
* Trade-off evaluation

Conclusion

The “Human in the Loop” isn't a limitation—it's a strength. It combines the speed of AI with the judgment of humans.

At BYS Marketing, we embrace AI but never skip human review. Every line of AI-generated code is reviewed by a senior developer before it reaches production.

—

Want to implement AI coding safely?
Contact BYS Marketing. We'll help you build processes that balance speed with quality.